From c320f134d684846745f6556d9abbd4e0603944bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonatan=20M=C3=A4nnchen?= Date: Tue, 19 Sep 2023 11:26:59 +0200 Subject: [PATCH] Extract Certification into separate branch --- .gitignore | 5 +- README.md | 2 +- conformance/HOWTO.md | 111 --------------------------- conformance/test.exs | 178 ------------------------------------------- 4 files changed, 5 insertions(+), 291 deletions(-) delete mode 100644 conformance/HOWTO.md delete mode 100755 conformance/test.exs diff --git a/.gitignore b/.gitignore index 13bfa23..b4dc0c2 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,9 @@ oidcc-*.tar mix.lock rebar.lock +# Certification Subtree +/certification + # Other Rebar Files ebin/ log/ @@ -37,4 +40,4 @@ _rel/ elvis xrefr *~ -*# \ No newline at end of file +*# diff --git a/README.md b/README.md index d8cb05e..85f1348 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ OpenID Connect client library for Erlang. diff --git a/conformance/HOWTO.md b/conformance/HOWTO.md deleted file mode 100644 index d27e644..0000000 --- a/conformance/HOWTO.md +++ /dev/null 
@@ -1,111 +0,0 @@
-# Conformance Testing
-
-## Setup
-
-- Register on https://www.certification.openid.net/
-- Create Testplan https://www.certification.openid.net/schedule-test.html
-
-## Conformance Profiles to Test
-
-### OpenID Connect Core: Basic Certification Profile Relying Party Tests
-
-- **Relevant for Certification: Yes**
-- Id: `oidcc-client-basic-certification-test-plan`
-- Request Type: `plain_http_request`
-- Client Registration Type: `static_client`
-- Config
-
-```json
-{
- "alias": "test",
- "description": "test",
- "client": {
- "client_id": "client_id",
- "client_secret": "client_secret",
- "redirect_uri": "http://localhost:4000/callback"
- }
-}
-```
-
-### OpenID Connect Core Client Tests: Comprehensive client test
-
-- **Relevant for Certification: No**
-- Expected Failures
- - `oidcc-client-test-discovery-webfinger-acct` - WebFinger is not supported
- - `oidcc-client-test-discovery-webfinger-url` - Webfinger is not supported
-- Id: `oidcc-client-test-plan`
-- Client Authentication Type: `client_secret_post`
-- Request Type: `plain_http_request`
-- Response Type: `code`
-- Client Registration Type: `static_client`
-- Response Mode: `default`
-- Config
-
-```json
-{
- "alias": "test",
- "description": "test",
- "client": {
- "client_id": "client_id",
- "client_secret": "client_secret",
- "redirect_uri": "http://localhost:4000/callback"
- }
-}
-```
-
-### OpenID Connect Core Client Refresh Token Profile Tests: Relying party refresh token tests
-
-- **Relevant for Certification: No**
-- Id: `oidcc-client-refreshtoken-test-plan`
-- Client Authentication Type: `client_secret_basic`
-- Request Type: `plain_http_request`
-- Response Type: `code`
-- Client Registration Type: `static_client`
-- Response Mode: `form_post`
-- Config
-
-```json
-{
- "alias": "test",
- "description": "test",
- "client": {
- "client_id": "client_id",
- "client_secret": "client_secret",
- "redirect_uri": "http://localhost:4000/callback"
- }
-}
-```
-
-### OpenID Connect Core: Form Post Basic Certification Profile Relying Party Tests
-
-- **Relevant for Certification: Yes**
-- Id: `oidcc-client-formpost-basic-certification-test-plan`
-- Request Type: `plain_http_request`
-- Client Registration Type: `static_client`
-- Config
-
-```json
-{
- "alias": "test",
- "description": "test",
- "client": {
- "client_id": "client_id",
- "client_secret": "client_secret",
- "redirect_uri": "http://localhost:4000/callback"
- }
-}
-```
-
-## How to Execute
-
-- Open Plan / Specific Test
-- Start `./test.exs`
-- Open http://localhost:4000/authorize in your Browser
-- (for refresh profiles) Click Refresh Link
-- Test should pass
-
-## How to Submit Certification
-
-- Execute all `Relevant for Certification` profiles
-- All results must be passed (green) or skipped (orange)
-- Follow steps here: https://openid.net/certification/connect_rp_submission/
diff --git a/conformance/test.exs b/conformance/test.exs
deleted file mode 100755
index e9687f9..0000000
--- a/conformance/test.exs
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/usr/bin/env elixir
-Mix.install(
- [
- {:oidcc, path: "..", override: true},
- {:oidcc_plug, "~> 0.1.0-alpha"},
- {:plug_cowboy, "~> 2.5"},
- {:phoenix, "~> 1.7"},
- {:jason, "~> 1.4"}
- ],
- config: [
- conformance: [
- {Conformance.Endpoint,
- [
- http: [ip: {127, 0, 0, 1}, port: 4000],
- server: true,
- secret_key_base: String.duplicate("a", 64),
- debug_errors: true
- ]}
- ]
- ]
-)
-
-Application.ensure_all_started(:oidcc)
-JOSE.unsecured_signing(true)
-
-defmodule Conformance.AuthController do
- use Phoenix.Controller
-
- alias Oidcc.Token
-
- plug(
- Oidcc.Plug.AuthorizationCallback,
- [
- provider: :config_worker,
- client_id: "client_id",
- client_secret: "client_secret",
- redirect_uri: "http://localhost:4000/callback"
- ]
- when action in [:callback]
- )
-
- def callback_form(conn, %{"code" => code}) do
- # Redirect neccesary since session does not include nonce
- # on cross origin post
- redirect(conn, to: "/callback?code=" <> code)
- end
-
- def callback(
- %Plug.Conn{
- private: %{
- Oidcc.Plug.AuthorizationCallback => {:ok, {token, userinfo}}
- }
- } = conn,
- _params
- ) do
- spawn(fn ->
- Process.sleep(5_000)
- System.halt()
- end)
-
- with {:ok, {refreshed_token, refreshed_userinfo}} <- maybe_refresh(token) do
- send_resp(
- conn,
- 200,
- inspect(
- %{
- token: token,
- userinfo: userinfo,
- refreshed_token: refreshed_token,
- refreshed_userinfo: refreshed_userinfo
- },
- pretty: true
- )
- )
- else
- {:error, reason} -> error_response(conn, reason)
- end
- end
-
- def callback(
- %Plug.Conn{
- private: %{
- Oidcc.Plug.AuthorizationCallback => {:error, reason}
- }
- } = conn,
- _params
- ) do
- spawn(fn ->
- Process.sleep(5_000)
- System.halt()
- end)
-
- error_response(conn, reason)
- end
-
- defp maybe_refresh(%Token{refresh: %Token.Refresh{token: _refresh_token}} = token) do
- with {:ok, token} <-
- Oidcc.refresh_token(
- token,
- :config_worker,
- "client_id",
- "client_secret"
- ),
- {:ok, userinfo} <-
- Oidcc.retrieve_userinfo(
- token,
- :config_worker,
- "client_id",
- "client_secret",
- %{}
- ) do
- {:ok, {token, userinfo}}
- end
- end
-
- defp maybe_refresh(%Token{}), do: {:ok, {nil, nil}}
-
- defp error_response(conn, reason) do
- send_resp(conn, 400, inspect(reason, pretty: true))
- end
-end
-
-defmodule Conformance.Router do
- use Phoenix.Router
-
- pipeline :browser do
- plug(:accepts, ["html"])
-
- plug(:fetch_session)
- end
-
- scope "/" do
- pipe_through(:browser)
-
- forward("/authorize", Oidcc.Plug.Authorize,
- provider: :config_worker,
- client_id: "client_id",
- client_secret: "client_secret",
- redirect_uri: "http://localhost:4000/callback"
- )
-
- get("/callback", Conformance.AuthController, :callback)
- post("/callback", Conformance.AuthController, :callback_form)
- end
-end
-
-defmodule Conformance.Endpoint do
- use Phoenix.Endpoint, otp_app: :conformance
-
- plug(Plug.Parsers,
- parsers: [:urlencoded, :multipart, :json],
- pass: ["*/*"],
- json_decoder: Phoenix.json_library()
- )
-
- plug(Plug.Head)
-
- plug(Plug.Session,
- store: :cookie,
- key: "_session",
- signing_salt: "6MKm58UGfKFEgo8M1cx9GuTJX8Vy6nW3",
- same_site: "Lax"
- )
-
- plug(Conformance.Router)
-end
-
-{:ok, _} =
- Supervisor.start_link(
- [
- Conformance.Endpoint,
- {Oidcc.ProviderConfiguration.Worker,
- %{issuer: "https://www.certification.openid.net/test/a/test/", name: :config_worker}}
- ],
- strategy: :one_for_one
- )
-
-Process.sleep(:infinity)